Active Directory, Exchange, Windows, Lync, Skype for Business and Office 365 how-to's and tips and tricks as we pick them up. Feel free to pass on anything you see here, and PLEASE subscribe to our RSS feed, and leave comments if you find our posts helpful!

Friday, July 10, 2015

Parse-TransportLogs - Which IPs on my network are sending SMTP through that connector?

I get asked this at some point in almost every Hybrid migration. The answer is always to turn up your SMTP protocol logging to get those details. The problem is that parsing that data is difficult. Unlike an HTTP log, where each line is one request, SMTP logs record the entire SMTP conversation, so a single message can span 10-30 lines in an SMTP log file.

Additionally, SMTP logs store the remote endpoint as a single field that combines the IP address and the port, so the IP has to be split out before you can count by client.

This script takes the *.log files from the directory you specify, searches them for lines containing "Queued" (meaning a message was accepted by the connector) and writes those lines to a temporary file. It then parses that data and reports the top client IP addresses along with a count for each.
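As an added example (not the blog's own Parse-TransportLogs script), the same approach in PowerShell: read every *.log in a folder, keep only the lines whose SMTP response contains "Queued", split the remote-endpoint field into IP and port, and count by client IP. It assumes the standard Exchange receive protocol log layout with a #Fields header; the function name, the sample folder and the log lines are constructed for the demo.

```powershell
# Added example, not the blog's script: count "Queued" responses per client IP
# in Exchange SMTP receive protocol logs. Sample folder and log lines are constructed.
function Get-QueuedClientIp {
    param(
        [Parameter(Mandatory)] [string] $LogPath,
        [int] $Top = 10
    )
    $queued = foreach ($file in Get-ChildItem -Path $LogPath -Filter *.log) {
        $fields = $null
        foreach ($line in Get-Content -Path $file.FullName) {
            # The #Fields header names the CSV columns; use it rather than hard-coded indexes
            if ($line.StartsWith('#Fields: ')) { $fields = $line.Substring(9) -split ','; continue }
            if ($line.StartsWith('#') -or -not $fields -or $line -notmatch 'Queued') { continue }
            $row = $line | ConvertFrom-Csv -Header $fields
            # remote-endpoint is "IP:port"; split on the LAST colon so IPv6 literals survive
            $ep = $row.'remote-endpoint'
            [pscustomobject]@{
                ClientIp  = $ep.Substring(0, $ep.LastIndexOf(':'))
                Connector = $row.'connector-id'
            }
        }
    }
    $queued | Group-Object ClientIp | Sort-Object Count -Descending |
        Select-Object -First $Top Count, @{ n = 'ClientIp'; e = { $_.Name } },
            @{ n = 'Connectors'; e = { ($_.Group.Connector | Sort-Object -Unique) -join '; ' } }
}

# Constructed sample log; the header and column order follow the Exchange receive log format
$dir = Join-Path $env:TEMP 'smtp-log-sample'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@'
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-07-10T13:02:11.123Z,EXCH01\Relay,08D2889A00000001,12,10.0.0.10:25,10.0.0.55:49152,>,250 2.6.0 Queued mail for delivery,
2015-07-10T13:02:12.001Z,EXCH01\Relay,08D2889A00000002,11,10.0.0.10:25,10.0.0.55:49160,>,250 2.6.0 Queued mail for delivery,
2015-07-10T13:03:40.777Z,EXCH01\Relay,08D2889A00000003,10,10.0.0.10:25,10.0.0.77:50001,>,250 2.6.0 Queued mail for delivery,
2015-07-10T13:04:02.500Z,EXCH01\Relay,08D2889A00000004,3,10.0.0.10:25,10.0.0.99:50100,>,550 5.7.1 Unable to relay,
'@ | Set-Content -Path (Join-Path $dir 'RECV20150710-1.log')

# 10.0.0.55 shows 2, 10.0.0.77 shows 1; the rejected 10.0.0.99 session is not counted
Get-QueuedClientIp -LogPath $dir -Top 5 | Format-Table -AutoSize
```

Counting only "Queued" responses excludes rejected or abandoned sessions, so the result is the list of hosts that actually relayed mail through the connector and need attention before the connector moves.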